The European Union’s (EU) priorities for external security include efforts to improve its cyber-security capabilities. The EU is committed to supporting Member States in case of cyber attacks by increasing efforts in the areas of supply, infrastructure protection and crisis management[1]. At the same time, it aims to strengthen its cyber-security regulations in order to address the growing threat posed by cyber attacks and to exploit the opportunities of the new digital age. Considering the complexity of the subject, the EU together with the People’s Republic of China created the EU-China Taskforce to improve cooperation against hybrid threats, in order to maximize the positive role of Information and Communication Technologies (ICT) and to exchange points of views on shared risks[2]. In this article the EU cyber policy will be brought to light at first, and hence the points of conjunction with China. Secondly, an overview of the opinions of the experts regarding this form of cooperation will be given. Finally, the impact that this form of cooperation can have on the security of both parties will be explained in light of the Council Conclusions following the Summit of 22 March 2019 and of the Summit with China on 9 April.

1.The EU and China: the importance of cyber

Already in 2015 within the conclusion of the European Council on cyber-diplomacy[3] and within the Global Strategy, the EU set itself the goal of intensifying its cyber-security, helping Member States to protect themselves from cyber threats while maintaining an open, free and secure cyberspace that guarantees data availability and data integrity[4]. The EU wanted to present itself as a participant and forward-thinking cyber actor, supporting multilateral digital governance and a global cooperation framework on cyber-security, respecting the free flow of information[5]. On the 20^th of December 2017, the EU institutions took an important step in strengthening their cooperation in the fight against cyber attacks. An inter-institutional agreement established a permanent cyber emergency response group (CERT-EU) which covered all EU institutions, bodies and agencies[6]. On 18^th of October 2018, the European Council called for measures to build solid IT security by referring to restrictive measures capable of responding and deterring cyber attacks. The proposal presented new initiatives such as: the construction of a stronger European IT security agency and the introduction of a computer security certification system[7].

 1. Cyber Defence In The EU: Preparing For Cyber Warfare?[8]

On 19^th December 2018, the EU ambassadors approved the proposed law on cyber security that will allow the introduction of an IT security certification at EU level and will also lead to the consolidation of a permanent IT security agency. Always in December 2018, a provisional agreement was reached on the new law between the Presidency and the European Parliament. The European technology security certification will soon be available for devices connected to the Internet, allowing consumers to make more informed choices and make it easier for companies to market their products throughout Europe[9]. The Commission and the High Representative are therefore proposing to strengthen EU’s resilience, deterrence and response to attacks by creating a cyber security agency to assist Member States in managing cyber attacks. At the same time, the EU wants a plan to respond quickly, operationally and in unison when a large-scale cyber attack occurs and create a network of competence centers in the Member States[10].

The EU first faced the issue of cyber with China in 2012, when both signed the Joint Press Communiqué of the 14^th EU-China Summit, in which the two sides recognized the importance of deepening understanding in IT issues and wanted to strengthen exchanges to tackle obstacles and threats. Furthermore, the two sides agreed to establish an EU-China Cyber Taskforce[11]. The following year, China and the EU signed the EU-China 2020 Strategic Agenda for Cooperation, in which the two actors wanted to support and promote the creation of a peaceful, safe and open cybernetic space, promoting mutual trust and cooperation through platforms such as the Cyber Taskforce[12].

2. The position of the experts

In the research paper “Les relations entre l’Union européenne et la Chine: une nouvelle ère de cooperation strategique plus étendue?” published by European Parliament research service, it is confirmed that the security and defense dimension  are becoming increasingly important among the EU and China. The EU supports the establishment of a regular and in-depth dialogue with China in order to seek more points of convergence on the issues of disarmament, non-proliferation, the fight against terrorism and migration. The EU and China are also cooperating concretely and satisfactorily in the fight against piracy within the framework of  the European mission ATALANTA framework. Furthermore, the EU-China forum on peace and security, held in December 2017, confirmed the strengthening of cooperation between the two actors to intervene in the peace process in the Middle East, Syria, Afghanistan and on the nuclear agreement with Iran[13]. The EU has also largely formalized its partnerships, establishing regular political dialogues on IT issues with all its partners.

2. China hosts 7th China EU High level Economic and Trade Dialogue[14]

According to Thomas Renard, researcher of the Egmont Institute, for the EU the cyber-partnership seems to play an important role, because the Union wanted to be a useful interlocutor with all its strategic partners – and many other stakeholders – incorporating them into a network of dialogues, joint statements and joint initiatives, in which the EU becomes a hub, and  a significant player with whom other cyber actors are willing to spend time and resources[15]. In his article “EU cyber partnerships: Assessing the EU strategic partnerships with third countries in the cyber domain”, he confirms that cyber ​​espionage, for strategic or economic purposes, and cyber attacks by Russia and China against European institutions and nations, have been one of the main factors for a stronger European cyber security policy. But according to him, bilateral cooperation with Russia and China is not simple. These two countries are perceived as the main sources of cyber attacks and cyber espionage in Europe. As mutual trust is lacking, cooperation focuses mainly on confidence-building measures. While the transatlantic partnership aims at tangible results, such as increasing cyber security in the transatlantic space and beyond, partnerships with China and Russia mainly seek to maintain open dialogue on controversial issues and possibly aim at creating mutual trust[16]. These partnerships can be useful in more than one way, for example by building trust between partners and thus laying the foundations for future cooperation, bilaterally and multilaterally[17].

In the Joint Statement of 2018 after the 20^th EU-China Summit, the EU urged China to make a greater contribution to the development of responsible behavioral standards and to the application of international law in cyberspace, including the promotion of a further agreement on the protection of critical IT assets. The two sides should also develop measures to counter hybrid threats, in particular with regard to cyber security and infrastructure protection[18].

3.Conclusion

The EU and China established formal diplomatic ties in 1975. Nowadays, their relations include an annual summit, regular ministerial meetings and over 60 sectorial dialogues (EU-China Strategic Dialogue)[19]. On 22^nd March, the European Summit took place in Brussels, during which the Council of the European Union prepared the EU-China summit, which was held on 9^th April leading to an exchange of views on all relations with China in the international context[20]. A few days before, the Commission published the “Joint Communication to the European Parliament, the European Council – the EU – China – A strategic outlook”[21], which foresees the directive on network and information security, the law on informatics security and the European electronic communications code. Furthermore, on 8^th March 2019, the Commission and the High Representative proposed the establishment of a horizontal sanctions regime to counter cyber attacks. The proposed regime has worldwide coverage and will allow a flexible EU response regardless of where cyber attacks were launched and regardless of whether they are carried out by state or non-state actors. This sanctions regime, once adopted, would allow the EU to respond effectively to cyber attacks that threaten the integrity and security of Member States and their citizens[22].

As global strategic partners, the EU and China will strengthen the global dimension of their partnership to promote peace, security and sustainable development. The annual Summit between the EU and China was held on 9^th April in Brussels. The Joint Statement that was published after the meeting stated that the Cyber ​​taskforce ​​aims to maintain an open, secure, stable, accessible and peaceful environment for information and communication technologies. Furthermore, the two actors agreed on the importance of the United Nations Charter to maintain peace and stability in cyberspace[23]. Cooperation in the cyber field is projected accordingly to that of international security. Indeed, the intention of the EU and China to commit to work together and closely coordinate the evolution of the peace process in Afghanistan, which must be a comprehensive and inclusive Afghan-led political process, becomes increasingly important. The two partners  are also active in recalling the importance of the Joint Comprehensive Plan of Action (JCPOA) concluded with Iran to contain nuclear proliferation. Furthermore, the EU and China are committed to strengthen high-level cooperation and exchanges on peace, security and defense, including maritime security to counter piracy especially in Africa. In an ever-changing and unstable international context, the agreements between the EU and China have a significant weight, especially after the commercial hostility with the United States. The war on duties that began in Washington turned the EU towards new partners, not only economic but also political. China has an export value of $375 billion in Europe, way higher than US exports to Europe. Furthermore, European markets (especially Germany, France and Italy) benefit from exports to China. This is an optimal strategy that could entail both a political and an economic level in a win-win approach that would force the other powers to assess the importance of cooperation between the EU and China.

Maria Elena Argano

For further information:

[1] EEAS Website, Shared Vision, Common Action: a stronger Europe: https://eeas.europa.eu/sites/eeas/files/eugs_review_web_0.pdf p. 21

[2]EEAS Website: Joint Press Communiqué of the 14^th EU-China Summit: http://eeas.europa.eu/archives/docs/china/summit/summit_docs/120214_joint_statement_14th_eu_china_summit_en.pdf

[3] Council of the European Union Website, Council Conclusion on cyber diplomacy: http://data.consilium.europa.eu/doc/document/ST-6122-2015-INIT/en/pdf

[4] EEAS Website, Shared Vision, Common Action: a stronger Europe: https://eeas.europa.eu/sites/eeas/files/eugs_review_web_0.pdf, p.22

[5] Ibidem, p.42

[6] Council of the European Union Website, Outcome of proceedings:  https://www.consilium.europa.eu/media/31666/st14435en17.pdf

[7]Council of the European Union Website, European Council 18/10/2018: https://www.consilium.europa.eu/en/meetings/european-council/2018/10/18/

[8] European Parliament Website, Cyber Defence In The EU: Preparing For Cyber Warfare?: https://epthinktank.eu/2014/10/31/cyber-defence-in-the-eu-preparing-for-cyber-warfare/

[9] Council of the European Union Website, Reform on cybersecurity in Europe: https://www.consilium.europa.eu/en/policies/cyber-security/

[10] European Commission Website, Cybersecurity: https://www.consilium.europa.eu/media/21480/cybersecurityfactsheet.pdf

[11] Council of the European Union, Joint Press Communiqué of the 14^th EU-China Summit: http://eeas.europa.eu/archives/docs/china/summit/summit_docs/120214_joint_statement_14th_eu_china_summit_en.pdf

[12] EEAS Website, EU-China 2020 Strategic Agenda for cooperation: http://eeas.europa.eu/archives/docs/china/docs/eu-china_2020_strategic_agenda_en.pdf

[13]European Parliament Website,  Les relations entre l’Union européenne et la Chine: une nouvelle ère de coopération stratégique plus étendue?: http://www.europarl.europa.eu/RegData/etudes/STUD/2018/570493/EXPO_STU(2018)570493_FR.pdf, p.12

[14] China hosts 7th China EU High level Economic and Trade Dialogue: https://www.youtube.com/watch?v=RsBAjAywOG4

[15] Egmont Institute Website, EU cyber partnerships: Assessing the EU strategic partnerships with third countries in the cyber domain: http://www.egmontinstitute.be/content/uploads/2018/01/EPS-EU-cyber-partners_RENARD_AM.pdf?type=pdf p. 8

[16] Ibidem, p. 10

[17] Ibidem, p. 15

[18] EEAS Website, Joint statement of the 20^th EU-China Summit: https://eeas.europa.eu/delegations/china_en/48424/Joint%20statement%20of%20the%2020th%20EU-China%20Summit

[19]EEAS Website, Joint Communication to the European Parliament and the Council : http://eeas.europa.eu/archives/docs/china/docs/joint_communication_to_the_european_parliament_and_the_council_-_elements_for_a_new_eu_strategy_on_china.pdf

[20] Council of the European Union Website, Conclusions: https://data.consilium.europa.eu/doc/document/ST-1-2019-INIT/fr/pdf

[21] European Commission Website, EU-China a strategic outlook:  https://ec.europa.eu/commission/sites/beta-political/files/communication-eu-china-a-strategic-outlook.pdf

[22] Ibidem

[23] Council of the European Union Website, EU-China Summit Joint Statement:  https://www.consilium.europa.eu/media/39020/euchina-joint-statement-9april2019.pdf